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REMARKS 

Claims 28-52 are currently pending in the subject application, and are presently under 
consideration. Claims 28-52 are rejected. Favorable reconsideration of the application is 
requested in view of the comments herein. 

It is respectfully submitted that the finality of the current Office Action should be 
withdrawn. The Applicant has not yet made any substantive amendment to the present claims. 
An Office Action caimot be made final where the Examiner introduces a rejection based on 
newly cited art, other than information submitted in an IDS filed under 37 CFR 1.97(c) (See 
MPEP Section 706.07(a)). The Examiner has cited new references not cited in previous Office 
Actions to support the finality of the present Office Action. Specifically, it is respectfully 
submitted that the citation of U.S. Patent Nos. 5,922,074, 6,249,873 and U.S. Patent Application 
No. 2002/0029337 constitute the aforementioned new references and thus require that the finality 
of the present Office Action be withdrawn. 

In the Office Action, the Examiner recites that the newly cited references are provided as 
a basis to show a general knowledge to those of ordinary, skill in the art at the time of the present 
invention. In teleconferences with the Examiner on Jime 15-16, the Examiner indicated that the 
newly cited references are provided as extrinsic evidence, and the Examiner employed MPEP 
21 1 1 .01 as a basis for support in employing these references in the rejection. MPEP 21 1 1 .01 is 
the section describing that the claims must be given their plain meaning unless defined in the 
specification, and that the plain meaning refers to the ordinary and customary meaning given to 
the term by those of ordinary skill in the art. Applicant's representative respectfully traverses the 
Examiner's reasoning that MPEP 21 11 .01 provides any support for citing new references to 
support the knowledge generally available to one of ordinary skill in the art to provide the 
missing motivation in the references cited in the previous office action. The Applicant's 
representative should be provided an opportunity to address the newly cited references in a non- 
final office action. 

Additionally, Applicant's representative requests that the Examiner initial the references 
cited in the "Notice of References Cited (PTO-892 form) to acknowledge that the Examiner has 
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addressed these references in the Examination. 

I. The Rejection of Claims 28. 35. 41 and 47 Under 35 V.S.C. S103(a) Should be 
Withdrawn 

Claims 28, 35, 41 and 47 stand rejected under 35 U.S.C. §103(a) as being unpatentable 
over Ginter, et al, U.S. Patent No. 6,658,568 ("Ginter") in view of Vogel, et al, U.S. Patent No. 
6,816,900 ("Vogel") and in further view of Riggins, U.S. Patent No. 6,233,341 ("Riggins"). 
Withdrawal of this rejection is respectfully requested for at least the following reasons. 

The Examiner cites Ginter to show an automated approach to obtaining a second 
certificate by using a first certificate. In regards to claims 28, 35, 41 and 47, Applicant's 
representative agrees wdth the Office Action that Ginter does not teach or suggest accessing a 
registration server or server platform using a user's server and the first certificate of the user to 
create a connection that authenticates both the user's server identity via a server certificate of the 
user server and the user's identity via the user's first certificate, as recited in claims 28, 35, 41 and 
47. The Examiner then cites that Vogel teaches authenticating based on multiple certificates. 
The Examiner cites new references U.S. Patent Nos. 5,922,074 ('074 patent), 6,249,873 ('873 
patent) and U.S. Patent Application No. 2002/0029337 ('337 publication) as evidence of a 
general knowledge to those of ordinary skill in the art that it was knovra to check both a client 
and server certificate to provide the required teaching, suggestion or motivation to combine 
Vogel v^th Ginter to provide the claimed accessing a registration server or server platform using 
a user's server and the first certificate of the user to create a connection that authenticating both 
the user's server identity via a server certificate of the user server and the user's identity via the 
user's first certificate, as recited in claims 28, 35, 41 and 47. 

As Applicant's representative previously stated, the newly cited references should 
necessitate a new ground of rejection, and therefore, the finality of the rejection should be 
withdrawn. However, Applicant's representative disagrees that Vogel or the newly cited 
references provide the required teaching, suggestion or motivation of the claimed automated 
approach to obtaining a second certificate by using a first certificate comprising accessing a 
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registrations server or server platform using a user's server and the first certificate of the user to 
create a connection that authenticating both the user's server identity via a server certificate of 
the user server and the user's identity via the user*s first certificate, creating a secure data channel 
between the registration server or server platform and the user server, and forwarding a request 
for the second certificate from the user server to the registration server or server platform, as 
recited in claims 28, 35, 41 and 47, 

The Examiner cites Vogel for teaching authenticating based on multiple certificates. 
Vogel discloses that to establish a secure connection between a client computer and a server 
computer, the server computer transmits a server certificate to the client computer (See Vogel, 
Col. 4, Lines 10-13). Vogel discloses that the client computer uses the server certificate to verify 
that the server computer can be trusted (Col. 4, Lines 13-15). This is accomplished by 
establishing a chain of certificates up to a trusted root certificate to authenticate the server 
certificate. That is each certificate v^ll have a parent certificate that authenticates the child 
certificate, until a final parent certificate is reached that is a trusted root certificate. Vogel is 
silent on an automated approach to obtaining a second certificate by using a first certificate 
comprising accessing a registration server or server platform using a user's server and the first 
certificate of the user to create a cormection that authenticates both the user's server identity via a 
server certificate of the user's server and the user's identity via the user's first certificate, creating 
a secure data channel between the registration server or server platform and the user server, and 
forwarding a request for the second certificate fi-om the user server to the registration server or 
server platform, as recited in claims 28, 35, 41 and 47. 

The Examiner cites Riggins for disclosing an authority for generating a private/public key 
pair, sending the private key to the user, and signing the public key. The addition of Riggins 
does not cure the above mentioned deficiencies of Ginter and Vogel to teach automatically 
obtaining a second certificate by using a first certificate comprising accessing a registration 
server or server platform using a user's server and the first certificate of the user to create a 
connection that authenticates both the user's server identity via a server certificate of the user's 
server and the user's identity via the user's first certificate, creating a secure data channel 
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between the registration server or server platform and the user server, and forwarding a request 
for the second certificate from the user server to the registration server or server platform, as 
recited in claims 28, 35, 41 and 47. Riggins teaches that a certifying authority verifies the 
identity and other information about a user, creates a signed certificate, and sends the signed 
certificate to the user (coL 1, 11. 40-67). Additionally, Riggins teaches only that the certifying 
authority signs the public key (col. 1, 11. 59-67). However, Riggins does not teach or suggest 
sending the public key from the authority to another authority to be signed, as recited in claims 
28 and 41. Therefore, Ginter, Riggins, and Vogel, individually or in combination, do not teach 
or suggest the elements of claims 28, 35, 41, and 47. Withdrawal of the rejection of claims 28, 
35, 41, and 47, as well as claims 29-34, 36-40, 42-46, and 48-52 which depend therefrom, 
respectively, is respectfully requested. 

Both the '074 and the '873 patent disclose that a client certificate is provided to a server 
from a client as an identification of the client to the server (FIG. 3). The server then checks its 
internal directory or another server directory to confirm the signature of the client certificate. 
Once the identity of the client is verified, an intemal directory access control rule is applied to a 
client connection. (See '074, Col. 7, Line 50 - Col. 8 Line 7). Both the '074 and the '873 patent 
disclose a directory cross referencing a client certificate, a server certificate and a 
communications context to retrieve an internally stored access control rule to apply to a client 
connection (See '074, Col. 1 1, Lines 21-25). It is respectfully submitted that the "cross 
referencing" in the '074 and the '873 patent does not correspond or provide the missing 
motivation for the claimed automatically obtaining a second certificate by using a first certificate 
comprising accessing a registration server or server platform using a user's server and the first 
certificate of the user to create a connection that authenticates both the user's server identity via a 
server certificate of the user's server and the user's identity via the user's first certificate, creating 
a secure data channel between the registration server or server platform and the user server, and 
forwarding a request for the second certificate from the user server to the registration server or 
server platform, as recited in claims 28, 35, 41 and 47. 
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Furthermore, the Federal Circuit has held that obviousness cannot be established by 
picking and choosing among individual parts of assorted prior art references as a mosaic to 
recreate a facsimile of the claimed invention. Akzo v. U.S. Int'l Trade Comm., 808 F.2d 1471, 
1481, 1 U.S.P.Q.2D (BNA) 1241, 20 (Fed. Cir. 1986). In the present application, it appears that 
the only reason for citing the '074 patent and the '873 patent is for its disclosure of checking a 
server certificate and a client certificate. Thus, it appears that the present application is being 
rejected on improper hindsight which the present application provides the missing motivation to 
combine and modify Ginter and Vogel and Riggins, and not the '074 patent and the '873 patent, 
to provide the claimed automatically obtaining a second certificate by using a first certificate 
comprising accessing a registration server or server platform using a user's server and the first 
certificate of the user to create a connection that authenticates both the user's server identity via a 
server certificate of the user's server and the user's identity via the user's first certificate, creating 
a secure data channel between the registration server or server platform and the user server, and 
forwarding a request for the second certificate from the user server to the registration server or 
server platform, as recited in claims 28, 35, 41 and 47. 

The '337 publication does not cure the aforementioned deficiencies of Ginter, Vogel and 
the '074 patent and the '873 patent. The '337 publication discloses security architectures to 
define mechanisms to construct a certification path through a hierarchy to obtain a given user's 
certificate and all certificate authority (CA) certificates necessary to validate it (See Par. [0015]). 
The '337 publication also discloses that these architectures share the common characteristic that a 
user need trust only one other public key to obtain and validate any other certificate (See Par. 
[0015]). Nothing in the '337 publication teaches or suggests automatically obtaining a second 
certificate by using a first certificate comprising accessing a registration server or server platform 
using a user's server and the first certificate of the user to create a connection that authenticates 
both the user's server identity via a server certificate of the user's server and the user's identity via 
the user's first certificate, creating a secure data chaimel between the registration server or server 
platform and the user server, and forwarding a request for the second certificate from the user 
server to the registration server or server platform, as recited in claims 28, 35, 41 and 47. 
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Additionally, it is respectfully submitted that the Examiner is not considering the 
patentability of claims as a whole. The Federal Circuit has held that in determining the 
differences between the prior art and the claims, the question under 35 U.S.C. 103 is not whether 
the differences themselves would have been obvious, but whether the claimed invention as a 
whole would have been obvious. Stratoflex, Inc. v. Areoquip Corp., 713 F.2d 1530, 218 U.S.P.Q. 
871 (Fed. Cir. 1983). None of the cited prior art teaches or suggests alone or in combination an 
apparatus or method of automatically obtaining a second certificate for a user using a first 
certificate comprising accessing a registration server or server platform using a user's server and 
the first certificate of the user to create a connection that authenticates both the user's server 
identity via a server certificate of the user server and the user's identity via the user's first 
certificate, creating a secure data channel between the registration server or server platform and 
forwarding a request for the second certificate from the user server to the registration server or 
server platform, as recited in claims 28, 35, 41 and 47. Additionally, claims 28 and 47 further 
recite determining in the registration server that the user is entitled to the second certificate, 
forwarding a request from the registration server to an authority to generate a private/public key 
pair, sending the private key to the user from the authority via the secure data channel, sending 
the public key from the authority to another authority to be signed and forwarding the second 
certificate from the another authority to a directory. Accordingly, claims 28, 35, 41 and 47 
should be patentable over the cited prior art. 

For the reasons described above, claims 28, 35, 41 and 47 should be patentable over the 
cited art. Withdrawal of the rejection of claims 28, 35, 41, and 47, as well as claims 29-34, 36- 
40, 42-46, and 48-52 which depend therefrom, respectively, is respectfully requested. 

II, The Rejection of Claim 29 Under 35 U.S.C. §103(a) Should be Withdrawn 

Claim 29 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over Ginter in 
view of Vogel in further view of Riggins as applied above, and in further view of Moses U.S. 
Patent 6,108,788 ('*Moses"). Withdrawal of this rejection is respectfully requested for at least the 
following reasons. 
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Claim 29 depends from claim 28 and is patentable for substantially the same reasons as 
claim 28 and for the specific elements recited therein. The addition of Moses does not cure the 
aforementioned deficiencies of Ginger, Vogel, and Riggins. Accordingly, claim 29 is patentable 
over the cited prior art. 

IIL The Rejection of Claims 30-34, 36-40. 42-46 and 48-52 Under 35 U.S.C, $103(a) 
Should be Withdrawn 

Claims 30-34, 36-40, 42-46 and 48-52 stand rejected under 35 U.S.C. §103(a) as being 
unpatentable over Ginter, in view of Vogel, in further view of Riggins, in further view of Haber, 
et al, U.S. Patent No. 5,373,561 ("Haber"). Withdrawal of this rejection is respectfully 
requested for at least the following reasons. 

Claims 30-34 depend from claim 28 and are patentable for substantially the same reasons 
as claim 28 and for the specific elements recited therein. The addition of Haber does not cure the 
aforementioned deficiencies of Ginter, Vogel and Riggins with respect to claim 28. 
Accordingly, claims 30-34 are patentable over the cited prior art. 

Claims 36-40 depend from claim 35 and are patentable for substantially the same reasons 
as claim 35 and for the specific elements recited therein. The addition of Haber does not cure the 
aforementioned deficiencies of Ginter, Vogel and Riggins with respect to claim 28. 
Accordingly, claims 36-40 are patentable over the cited prior art. 

Claims 42-46 depend from claim 41 and are patentable for substantially the same reasons 
as claim 41 and for the specific elements recited therein. The addition of Haber does not cure the 
aforementioned deficiencies of Ginter, Vogel and Riggins with respect to claim 41. Accordingly, 
claims 42-46 are patentable over the cited prior art. 

Claim 48-52 depend from claim 47 and are patentable for substantially the same reasons 
as claim 47 and for the specific elements recited therein. The addition of Haber does not cure the 
aforementioned deficiencies of Ginter, Vogel and Riggins with respect to claim 47. 
Accordingly, claims 48-52 are patentable over the cited prior art. 
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For the reasons described above, claims 30-34, 36-40, 42-46 and 48-52 should be 
patentable over the cited art. Accordingly, withdrawal of this rejection is respectfiilly requested. 
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CONCLUSION 



In view of the foregoing remarks, Applicant respectfully submits that the present 
application is in condition for allowance. Applicant respectfully requests reconsideration of this 
application and that the application be passed to issue. 

Please charge any deficiency or credit any overpayment in the fees for this amendment to 
our Deposit Account No. 20-0090. 



Respectfully submitted. 
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